Yoran ready to ditch PADC for successor

The Homeland Security Department is considering alternatives to its year-old Patch Authentication and Dissemination Capability, which has failed to generate much agency interest.

What a new patch management service would do has not been determined, said Amit Yoran, director of the National Cybersecurity Division in DHS' Information Assurance and Infrastructure Protection Directorate. The only thing decided so far is that 'it is not a continuation of PADC,' he said.

'We have to measure ourselves by the value our programs provide,' Yoran said. 'We talked with agency chief security officers and CIOs. The message we got was that it was a good concept, but the program wasn't delivering the value we hoped for.'

PADC, a free service at padc.fedcirc.gov offered by DHS' Federal Computer Incident Response Center, tests and validates vendors' security patches, notifies government subscribers and provides a secure link for downloading the patches. But commercial tools are available for the same tasks.

'Configuration and patch management is a fundamental building block of effective IT security,' Yoran said. 'It is core.'